[Bug #14087] x509cert, x509crl, x509req, ns_spki: check sanity of public key #168
Commits on Nov 11, 2017
-
pkey: make pkey_check_public_key() non-static
Also make it take const pointer as it never modifies the pkey.
Commits on Nov 13, 2017
-
x509cert, x509crl, x509req, ns_spki: check sanity of public key
The pub_encode routine of an EVP_PKEY_ASN1_METHOD seems to assume the parameters and public key component(s) to be set properly. Calling that, for example, through X509_set_pubkey(), with an incomplete object may cause segfault. Use ossl_pkey_check_public_key() to check that. It doesn't look pretty, but unfortunately there isn't a generic way to do that with the EVP API. Something similar applies to the verify routine of an EVP_PKEY_METHOD. Do the same check before calling *_verify(). Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83688 Reference: https://bugs.ruby-lang.org/issues/14087
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.